<?php  
require("phpsqldbinfo.php");

// Get parameters from URL


// Start XML file, create parent node
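// Read path: emit the POIs visible to ?user=... as an XML <markers> document.
// Taken only when "user" is present and non-empty and "name" is absent.
if(array_key_exists("user",$_GET) && $_GET["user"]!="" && !array_key_exists('name',$_GET))
{
	// A request such as ?user[]=x arrives as an array; treat it as an empty
	// value instead of passing a non-string to the escaping function.
	$user = is_string($_GET["user"]) ? $_GET["user"] : "";

	// Start XML document, create the parent node.
	$dom = new DOMDocument("1.0");
	$parnode = $dom->appendChild($dom->createElement("markers"));

	// Open a connection to the MySQL server.
	// NOTE(review): ext/mysql was removed in PHP 7; a move to mysqli or PDO with
	// prepared statements is the long-term fix for every query in this file.
	$connection = mysql_connect('localhost', $username, $password);
	if (!$connection) {
		// Failure detail goes to the server log only. The previous message sent
		// the database username and password to the HTTP client.
		error_log("POI lookup: database connection failed: " . mysql_error());
		header("HTTP/1.1 500 Internal Server Error");
		die("Not connected");
	}

	// Set the active MySQL database.
	if (!mysql_select_db($database, $connection)) {
		error_log("POI lookup: cannot select database: " . mysql_error($connection));
		header("HTTP/1.1 500 Internal Server Error");
		die("Can't use db");
	}

	// Select this user's POIs plus the shared ones stored with user = 0.
	$query = sprintf("SELECT id, name, description, latitude, longitude FROM POIs WHERE user = '%s' OR user= 0",
	  mysql_real_escape_string($user, $connection));
	// NOTE(review): SET CHARACTER SET does not tell the client library which
	// charset the connection uses, so mysql_real_escape_string() keeps escaping
	// for the connection default; mysql_set_charset() is the documented way.
	mysql_query("SET CHARACTER SET 'utf8'", $connection);
	$result = mysql_query($query, $connection);
	if (!$result) {
		// Do not echo the SQL text or the driver error to the client.
		error_log("POI lookup: query failed: " . mysql_error($connection));
		header("HTTP/1.1 500 Internal Server Error");
		die("Invalid query");
	}

	header("Content-type: text/xml");

	// One <marker> element per POI row. DOMElement::setAttribute() escapes the
	// values when the document is serialised.
	while ($row = mysql_fetch_assoc($result)) {
		$newnode = $parnode->appendChild($dom->createElement("marker"));
		$newnode->setAttribute("name", $row['name']);
		$newnode->setAttribute("description", $row['description']);
		$newnode->setAttribute("lat", $row['latitude']);
		$newnode->setAttribute("lng", $row['longitude']);

		// Attach up to three track attributes (track1..track3) from the statistics table.
		$query2 = sprintf("SELECT * FROM StatisticsGlobal WHERE poi_id = '%s' ",
		  mysql_real_escape_string($row['id'], $connection));
		$result2 = mysql_query($query2, $connection);
		if (!$result2) {
			// As before, a failed statistics query leaves the marker without
			// track attributes; it is now logged instead of hidden behind "@".
			error_log("POI lookup: statistics query failed: " . mysql_error($connection));
			continue;
		}
		for ($trackplace = 1; $trackplace <= 3; $trackplace++) {
			$row2 = mysql_fetch_assoc($result2);
			// Stop at the end of the result set or at the first row with no plays.
			if (!$row2 || $row2['play_count'] == "0") {
				break;
			}
			$stringtodisp = $row2['artist'] . " - " . $row2['title'] . " : ". $row2['play_count'] . " times";
			$newnode->setAttribute("track".$trackplace, $stringtodisp);
		}
		// One result set per POI; release it before the next iteration.
		mysql_free_result($result2);
	}
	echo $dom->saveXML();
	return;
}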
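// Write path: insert a new POI from the name/description/lat/lng/user query parameters.
// NOTE(review): this changes state on a GET request, and nothing in this file
// authenticates the caller or ties "user" to a session; confirm whether that is
// enforced elsewhere (web server, including script).
if(array_key_exists('name',$_GET) && $_GET['name']!="")
{
	// Missing or non-string parameters (e.g. ?lat[]=1) become empty strings,
	// which is what the escaping function produced for them before, minus the
	// notices and warnings.
	$fields = array();
	foreach (array('name', 'description', 'lat', 'lng', 'user') as $key) {
		$fields[$key] = (isset($_GET[$key]) && is_string($_GET[$key])) ? $_GET[$key] : '';
	}

	// The host is a quoted string here; the original passed the bare word
	// localhost, which PHP treats as an undefined constant.
	$connection = mysql_connect('localhost', $username, $password);
	if (!$connection) {
		// Failure detail goes to the server log only. The previous message sent
		// the database username and password to the HTTP client.
		error_log("POI insert: database connection failed: " . mysql_error());
		header("HTTP/1.1 500 Internal Server Error");
		die("Not connected");
	}

	// Set the active MySQL database.
	if (!mysql_select_db($database, $connection)) {
		error_log("POI insert: cannot select database: " . mysql_error($connection));
		header("HTTP/1.1 500 Internal Server Error");
		die("Can't use db");
	}

	// Insert the POI; max_distance is fixed at 100 for every new row.
	$query = sprintf("INSERT INTO POIs (`name`, `description`, `latitude`, `longitude`, `max_distance`, `user`) VALUES ('%s','%s','%s','%s','%s','%s');",
	  mysql_real_escape_string($fields['name'], $connection),
	  mysql_real_escape_string($fields['description'], $connection),
	  mysql_real_escape_string($fields['lat'], $connection),
	  mysql_real_escape_string($fields['lng'], $connection),
	  mysql_real_escape_string("100", $connection),
	  mysql_real_escape_string($fields['user'], $connection));

	// The SQL text is no longer echoed into the page: it carried request
	// parameters into HTML without HTML-escaping and exposed the schema.
	$result = mysql_query($query, $connection);
	if (!$result) {
		error_log("POI insert: query failed: " . mysql_error($connection));
		header("HTTP/1.1 500 Internal Server Error");
		die("Invalid query");
	}

	// Page output starts only after the insert succeeded, so the failure
	// branches above can still send a status header.
	echo "<html> <head><body>DONE!~</body></html>";
	return;
}

// Fallthrough: neither branch applied (e.g. no "user" and no "name"). The same
// DONE page is returned although nothing was read or written.
echo "<html> <head><body>DONE!~</body></html>";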
?>
